Public Companies Update: Reminders for the 2024 Form 10-K and Proxy Statement Filing Season

By Heyward Armstrong, Alex Bowling, Tyler Cook and Olivia Meade

In this Client Alert, we highlight key considerations public companies should keep in mind when preparing their upcoming annual reports on Form 10-K and proxy statements, including rule changes, recent guidance and reporting trends.

1. Recent Form Changes

As a reminder, the U.S. Securities and Exchange Commission (the “SEC”) has recently made the following form changes to Form 10-K:

  • Cover Page (New Check Boxes):
    • New Check Box #1: “If securities are registered pursuant to Section 12(b) of the Act, indicate by check mark whether the financial statements of the registrant included in the filing reflect the correction of an error to previously issued financial statements.”

Practice Point: The company should only check this box if the change in the financial statements represents an error correction under accounting standards. Other changes, such as the retrospective revision to reportable segment information or the retrospective application of a change in accounting principle, do not require the company to check this box.

    • New Check Box #2: “Indicate by check mark whether any of those error corrections are restatements that required a recovery analysis of incentive-based compensation received by any of the registrant’s executive officers during the relevant recovery period pursuant to §240.10D-1(b).”

Practice Point: As described further below, additional disclosure will be triggered under new Item 402(w) of Regulation S-K if the company was required to prepare an accounting restatement that required recovery of erroneously awarded compensation. Assuming that the Part III information is incorporated by reference from the proxy statement into the Form 10-K, the checkbox may be the only information included in the Form 10-K regarding recovery under the company’s clawback policy. Companies are advised to have a statement prepared prior to filing the Form 10-K regarding the status of the board’s or applicable committee’s review of incentive-based compensation and whether recovery is required by the company’s clawback policy.

  • Part I, Item 1C. Cybersecurity. As discussed in more detail below, new Item 106 of Regulation S-K requires companies to provide certain cybersecurity-related information.
  • Part II, Item 6 has been retitled “Item 6. [Reserved]” (instead of “Item 6. Selected Financial Data”) and the disclosure under the item should read “Not applicable.”
  • Part II, Item 9B. Other Information. As discussed in more detail below, companies must disclose whether, during the company’s fourth quarter, any director or officer adopted or terminated a Rule 10b5-1 trading arrangement or a non-Rule 10b5-1 trading arrangement. Although companies have provided similar disclosure in their Form 10-Qs, this will be the first time such disclosure appears in their Form 10-Ks.
  • Part II, Item 9C. Disclosure Regarding Foreign Jurisdictions that Prevent Inspections. Even if not applicable (which is likely the case for most companies), companies should include this item and indicate that it is “Not applicable.”
  • Exhibit 97. Companies must file as a new Exhibit 97 their policy relating to the recovery of erroneously awarded compensation.

Each company should ensure its Form 10-K is updated to reflect these recent changes. 

2. Confirm Filer Status and Filing Deadline 

The deadline for a company to file its Form 10-K depends on the company’s filer status. For calendar-year-end companies, this year’s Form 10-K must be filed by 5:30 p.m. on February 29, 2024 for large accelerated filers, March 15, 2024 for accelerated filers, and April 1, 2024 for non-accelerated filers.

If a company’s filer status has changed, the company should ensure the appropriate box on the cover page is checked and that management and the board of directors are aware of and working towards making the filing by the applicable filing deadline. In addition, if the company has been an emerging growth company (“EGC”) for the last fiscal year, management should ensure the company continues to qualify as an EGC. A company will no longer qualify as an EGC if (i) it has total annual gross revenues of $1.235 billion or more; (ii) more than five years has passed since the first date common equity was sold pursuant to an effective registration statement (e.g., the company’s initial public offering); (iii) it has issued more than $1 billion in non-convertible debt in the previous three years; or (iv) it has become a large accelerated filer.

3. Risk Factor Updates 

As part of preparing their Form 10-Ks, companies should carefully review their risk factors and forward-looking statement disclaimers to ensure that all material risks are up to date and adequately described. Although risk factor disclosure will vary depending on the company and its industry, we have included below a non-exhaustive list of potential topics to consider:

  • Geopolitical conditions, including the conflict between Israel and Hamas, rising tensions between China and Taiwan, and the ongoing war between Russia and Ukraine;
  • Macroeconomic factors such as the impact of inflation and increased interest rates and their corresponding impact on the company’s ability to borrow funds or refinance existing indebtedness;
  • Domestic events such as the possibility of a government shutdown, potential downgrades of the United States’ credit rating, risks relating to the upcoming presidential election, and risks associated with the possible implementation of new rules and regulations in response to several high-profile bank failures that occurred in 2023;
  • Heightened cybersecurity risks, including updates in the event that actual incidents have been experienced and ensuring that such disclosures conform with other cybersecurity-related statements that are disclosed in the Form 10-K, especially in light of any new disclosure included in Item 1.C. of Form 10-K (discussed below);
  • Technological changes, including the use of machine learning and generative artificial intelligence;
  • Climate-related risks and the potential impact of pending SEC rules on climate-related disclosures; and
  • Revisions to previously disclosed risks that may no longer be as material to the company, such as the impacts from COVID-19 and risks associated with predominately remote work arrangements.

Practice Points:

  • When updating the risk factor portion of the Form 10-K, companies should pay attention to the length of that section. If the company’s risk factors exceed 15 pages, the company must summarize, in two pages or less, the risk factors using a series of concise, bulleted or numbered statements.
  • Companies are reminded that risk factor disclosures should not be presented in hypothetical terms (e.g., using terms like “may” or “could”) if such risks have actually come to fruition. Recent SEC enforcement actions and private actions have focused on failures to appropriately update hypothetical risk factors, especially in the cybersecurity and data privacy areas.
  • Companies should carefully review other sources of information that address topics covered in the risk factors. For example, companies should ensure consistency across climate change risk factors and any publicly released corporate responsibility or sustainability reports. In the climate change disclosures sample comment letter released by the SEC in 2021, the first comment highlights that the SEC staff is checking for inconsistencies in disclosures between a company’s public statements (such as a corporate social responsibility report) and its SEC filings.
  • Lastly, the SEC discourages inclusion of risk factors that could apply generically to any company, and to the extent generally applicable risk factors are presented, they should be disclosed at the end of the risk factor section under the caption “General Risk Factors.”

    4. Cybersecurity

      As discussed in our August 23, 2023 publication, Form 10-K now includes a new Item 1.C. that requires (by reference to new Item 106 of Regulation S-K) disclosure regarding the company’s cybersecurity risk management and strategy, its board’s oversight of risks from cybersecurity threats, and its management’s role in assessing and managing material risks from cybersecurity threats. Companies with fiscal years ending on or after December 15, 2023 will be required to provide such disclosure beginning in the upcoming Form 10-K. Companies will be required to tag Item 106 disclosure in Inline XBRL beginning one year after the initial compliance date (i.e., not until the Form 10-K due in early 2025 for calendar-year-end companies).

      Cybersecurity Risk Management and Strategy: 

      Under Item 106(b)(1) of Regulation S-K, companies must describe their processes, if any, for assessing, identifying and managing material risks from cybersecurity threats. In providing such disclosure, a company should address, as applicable, the following non-exclusive list of disclosure items:

      1. whether and how any such processes have been integrated into the company’s overall risk management system or processes;
      2. whether the company engages assessors, consultants, auditors or other third parties in connection with any such processes; and
      3. whether the company has processes to oversee and identify such risks from cybersecurity threats associated with its use of any third-party service provider. 

      Cybersecurity Risks: 

      Item 106(b)(2) requires companies to describe whether any risks from cybersecurity threats, including as a result of any previous cybersecurity incidents, have materially affected or are reasonably likely to materially affect the company, including its business strategy, results of operations or financial condition, and if so, how.

      Practice Point: Companies should carefully review existing cybersecurity-related risk factor disclosure to ensure such disclosure conforms with what the company is disclosing in this new Item 1.C. If the risk factors address the requirements in Item 106(b)(2), companies can consider incorporating them by reference.

      Board Oversight:  

      Item 106(c)(1) requires companies to describe the board of directors’ oversight of risks from cybersecurity threats and, if applicable, requires the company to identify any board committee or subcommittee responsible for the oversight of risks from cybersecurity threats, along with information regarding the processes by which the board or such committee is informed about such risks.

      Management Involvement:

      In addition to disclosing the board’s role in cybersecurity risk oversight, companies must describe management’s role in assessing and managing the company’s material risks from cybersecurity threats. In providing such disclosure, the SEC has provided the following non-exclusive list of items that the company should address, to the extent applicable:

      1. whether and which management positions or committees are responsible for assessing and managing such risks, and the relevant expertise of such persons or members in such detail as necessary to fully describe the nature of the expertise;[1]
      2. the processes by which such persons or committees are informed about and monitor the prevention, detection, mitigation and remediation of cybersecurity incidents; and
      3. whether such persons or committees report information about such risks to the board of directors or a committee or subcommittee of the board of directors.

      Practice Point: Early filers will likely not have the benefit of comparing against precedent disclosures from other companies given that the disclosure item is applicable for Form 10-Ks covering fiscal years ending on or after December 15, 2023. While market practice may be helpful in assessing trends in format and level of detail, the disclosure included in new Item 1.C. will necessarily need to be tailored to the company’s specific facts and circumstances. Companies should ensure that feedback on drafts is received from appropriate stakeholders with responsibilities for cybersecurity risk management, including the company’s chief compliance officer or chief information and security officer or other individuals at the company with similar responsibilities and appropriately document such review. Given the new Form 8-K reporting obligation related to material cybersecurity incidents described below, due care should be used in how any prior incidents are described in internal documentation (e.g., educating stakeholders to refrain from using terms such as “material” when describing such incidents if such a description is not warranted).

      5. Director and Officer Insider Trading Disclosures

      Recently adopted Item 408(a) of Regulation S-K requires disclosure in Quarterly Reports on Form 10-Q and Annual Reports on Form 10-K regarding the adoption and termination (including modification) of Rule 10b5-1 plans and non-Rule 10b5-1 trading arrangements by directors and officers of the company during the most recently completed fiscal quarter. Disclosures must include the material terms of the plan or arrangement, such as the name and title of the director or officer, the adoption or termination date, the duration of the plan or arrangement, the aggregate number of securities to be sold or purchased pursuant to the plan or arrangement, and whether the arrangement is intended to satisfy the affirmative defense conditions of Rule 10b5-1. The disclosure is not required to include the pricing terms of the trading arrangement and may be provided in tabular or narrative form. 

      In August 2023, the SEC issued guidance to address certain open questions on the insider trading arrangement disclosure requirements. The guidance explains that trading plans that expire or are completed pursuant to their terms, without any action by an individual, are not required to be disclosed and that the disclosure requirement applies to trading plans that cover any securities in which the officer or director has a pecuniary interest reportable under Section 16, provided that the officer or director has decided to adopt or terminate any such plan.

      Companies (other than smaller reporting companies) were required to begin complying with the Item 408(a) disclosure requirements in their Form 10-Q that covered the first full fiscal quarter (or Form 10-K if the first full fiscal quarter was the issuer’s fourth quarter) that began on or after April 1, 2023. Smaller reporting companies will be required to begin complying in their first Form 10-Q or Form 10-K filing that covers the first full fiscal quarter that began on October 1, 2023 (i.e., for calendar-year-end companies, the Form 10-K for the year ended December 31, 2023).

      Practice Point: Companies should ensure they have developed controls and procedures to identify the adoption or termination of director and officer Rule 10b5-1 or similar trading arrangements and, in light of the SEC’s interpretive guidance, consider what, if any, changes should be made to their disclosure practices.

      6. Compensation Clawbacks 

      As discussed in our March 10, 2023 publication, the SEC adopted Rule 10D-1 in October 2022, directing U.S. stock exchanges to establish listing standards that prohibit the listing of any security of a company that does not adopt and implement a written policy requiring the recovery, or “clawback,” of certain incentive-based executive compensation.

      In February 2023, the New York Stock Exchange and the Nasdaq Stock Market proposed clawback listing standards closely tracking Rule 10D-1, which they amended in June 2023 to provide for an October 2, 2023 effective date and a 60-day implementation period, which the SEC approved as proposed. Listed companies were required to adopt and implement a compliant clawback policy by December 1, 2023.

      Companies are now required to file their clawback policy as an exhibit to their annual report on Form 10-K as Exhibit 97. As described above, companies must also include two checkboxes on the cover page of Form 10-K to indicate whether the financial statements included in the filing reflect the correction of an error to previously issued financial statements and whether any of those corrections are restatements that required a recovery analysis of incentive-based compensation received by any of the company’s executive officers during the relevant recovery period. 

      In addition, the SEC has adopted new Item 402(w) of Regulation S-K, which requires disclosure in proxy and information statements if, during or after its last completed fiscal year, a listed company either (i) was required to prepare an accounting restatement that required a clawback under the company’s compliant clawback policy or (ii) had an outstanding balance of unrecovered erroneously awarded incentive-based compensation under such policy relating to a prior restatement.

      Practice Pointer: The listing rules require that the company’s clawback policy be triggered by any required accounting restatement to correct an error in previously issued financial statements that either (i) is material to the previously issued financial statements (referred to as a "Big R" restatement) or (ii) would not be material to previously issued financial statements but that would result in a material misstatement if the error were corrected in the current period or left uncorrected in the current period (referred to as a "little r" restatement). Given the broad scope of the triggering restatements, companies experiencing a restatement will generally be required to assess whether recovery may be required under their clawback policies. Prompt notification by those preparing the financial statements to other applicable stakeholders, including the company’s HR and legal teams, will be necessary in the event a triggering restatement is required.

      7. Human Capital Management

      In August 2020, the SEC approved principles-based amendments to Item 101 of Regulation S-K that required companies to discuss their human capital resources and any human capital measures or objectives that the company focuses on in managing its business, to the extent material to an understanding of the company’s business taken as a whole. In response to this requirement, the length of human capital management disclosure has generally increased. However, the amount, type and specificity of the disclosure varies markedly across companies.

      While new human capital disclosures will not technically be in effect for the upcoming Form 10-K and proxy season, companies are reminded that these disclosures remain an area of focus at the SEC. Recently, the SEC’s Investor Advisory Committee recommended that the SEC expand its human capital disclosure requirements to require (i) the number of people employed by the company, broken down by whether employees are full-time, part-time or contingent workers; (ii) turnover or comparable workforce stability measures; (iii) the total cost of the company’s workforce, broken down into major components of compensation; and (iv) workforce demographic data sufficient to allow investors to understand the company’s efforts to access and develop new sources of talent, and to evaluate the effectiveness of these efforts.

      In response to these recommendations (and others), the SEC may adopt requirements mandating the disclosure of additional information or human capital-related statistics. As such, companies are encouraged to review their human capital disclosures with these possible future requirements in mind. For example, it is not uncommon for companies to make statements about the importance of diversity and employee retention. As with other statements made in the Form 10-K, each company should ensure the data it has available is consistent with and substantiates the statements that it is making.

      8. Additional Reminders and Recent and Future Rule Changes

      • Share Repurchase Disclosure: The effective date of the new share repurchase disclosure rules, originally set for the fourth quarter of 2023, has been postponed indefinitely. The new rules were intended to modernize and enhance disclosure regarding company stock repurchases and would have required quarterly reporting of daily repurchase activity and expanded narrative disclosures about a company’s rationale for repurchases, among other things. The Fifth Circuit Court of Appeals vacated the new share repurchase disclosure rules after finding that the SEC acted arbitrarily and capriciously, in violation of the Administrative Procedure Act, in adopting the final rule. As a result, companies do not need to comply with these vacated share repurchase rules and instead should continue complying with the existing share repurchase rules.
      • Description of Company’s Securities: Companies should confirm whether any updates need to be made to the description of the company’s securities attached as an exhibit to the Form 10-K, especially if there have been amendments to the company’s articles of incorporation or bylaws or if the company issued additional classes of securities registered under Section 12 of the Securities Exchange Act of 1934 (the “Exchange Act”) during 2023 (e.g., publicly traded preferred stock).
      • Director and Officer Questionnaire Updates: Companies should review and update their D&O questionnaires in light of the new disclosure requirements and investor interest. Companies may find it helpful to update their annual D&O questionnaire relating to the following matters:
        • adoption or termination of Rule 10b5-1 plans or similar trading arrangements;
        • director expertise in areas such as cybersecurity or climate change or any other areas that may be disclosed as reasons why individuals are being nominated or renominated; and
        • consent to be named in any proxy statement, including a proxy statement of a dissident, in light of universal proxy requirements.
      • Pay-Versus-Performance Disclosure: Public companies were required to comply with the SEC’s “pay-versus-performance” rule for the first time in proxy and information statements filed during 2023 that were required to include Item 402 of Regulation S-K disclosure for executive compensation.

      Under the transition rules, companies will be required to provide one additional year of information in this year’s filing (most companies must provide four years of information, while smaller reporting companies must provide three years of information). Companies should confirm their filer status early in the proxy preparation process to ensure their disclosures are appropriately tailored to disclosure requirements.

      Because the pay-versus-performance disclosure requirement was new last year, companies should consider benchmarking their practices against peer disclosures to determine if there are any emerging market practices. Additionally, companies are encouraged to monitor SEC developments in this area, including comment letters, C&DIs (see, in particular, C&DI Section 128D, which now covers 22 topics, and C&DI 118.08, which addresses compliance with the non-GAAP rules for compensation-related information), and other guidance based on the SEC’s experience with the first year of disclosures.

      For additional information regarding the pay-versus-performance disclosure obligations, see our September 16, 2022 publication.

      • New Item 1.05 of Form 8-K: As discussed in our August 23, 2023 publication, beginning on December 18, 2023, public companies are now required to file a Form 8-K disclosing cybersecurity incidents within four business days of a determination that such incident was material to the company. The Form 8-K must disclose the material aspects of the incident’s nature, scope and timing as well as how the incident will, or reasonably likely will, impact the company’s business, financial condition and results of operations. The materiality determination must be made without unreasonable delay. Late filing of an Item 1.05 Form 8-K will not result in the loss of Form S-3 eligibility.
      • Certain Changes to Section 16 Ownership Reporting:
        • In connection with the amendments to Rule 10b5-1 plans and related disclosures described above, the SEC amended Rule 16a-3 to require prompt reporting of bona fide gifts made or received by Section 16 insiders. As a result, these gifts must now be reported on Form 4 within two business days after the transaction date, similar to other reportable transactions. Gifts made prior to February 27, 2023 remain eligible for delayed reporting on Form 5, which is due within 45 days after the end of the fiscal year in which the gift was made.

      The change reflects the increased scrutiny by the SEC of gifts of shares. In the adopting release, the SEC acknowledged that when gifts are closely followed by a sale by the donee, under conditions where the value at the time of the donation and sale affects the tax or other benefits realized by the donor, such gifts can raise policy concerns similar to those of more common forms of insider trading. The SEC clarified that the affirmative defense of Rule 10b5-1(c)(1) is also available for bona fide gifts. For example, an insider may enter into a binding arrangement to gift a certain number of shares to a charitable organization based on a traditional algorithm or formula or based on achieving certain tax objectives.

        • Effective April 1, 2023, Forms 4 and 5 were also amended to add a mandatory Rule 10b5-1(c) checkbox, requiring reporting persons to indicate whether a reported transaction was “intended to satisfy the affirmative defense conditions” of Rule 10b5-1(c). Furthermore, the instructions to Forms 4 and 5 were amended to require insiders to disclose by footnote the date the Rule 10b5-1 trading plan was adopted. 
      • Beneficial Ownership Reporting: The SEC recently adopted amendments to Regulation 13D-G under the Exchange Act that shorten the period in which beneficial owners of more than 5% of a public company’s equity securities have to make initial filings and amendments to Schedules 13D and 13G. These amendments also extend the EDGAR filing deadline for Schedules 13D and 13G from 5:30 p.m. to 10:00 p.m. Eastern Time, clarify Schedule 13D requirements relating to derivative securities, and will, effective December 18, 2024, require Schedules 13D and 13G to be filed using an XML-based language.

      Beginning February 5, 2024, initial filings on Schedule 13D will need to be made within five business days (shortened from 10 calendar days), and any amendments will need to be made within two business days, which clarifies the previous requirement that such amendments be made “promptly.”

      The new timing requirements for Schedule 13G filings do not go into effect until September 30, 2024, so there are not any immediate changes to the deadlines for amendments to those reports. The deadlines for Schedule 13G filings will depend on the type of Schedule 13G filer and the amount of securities the filer beneficially owns. Schedule 13G filings will continue to be made by the following categories of investors: (i) qualified institutional investors (pursuant to Rule 13d-1(b)); (ii) passive investors (pursuant to Rule 13d-1(c)); and (iii) exempt investors (pursuant to Rule 13d-1(d)).

      At a high-level, beginning on September 30, 2024, Schedule 13G filings will be subject to the following deadlines:

        • Qualified Institutional Investors:
          • Initial filing generally due 45 calendar days after the calendar quarter in which beneficial ownership exceeds 5%; however, if beneficial ownership exceeds 10%, the initial filing is due within five business days after the end of the first month that beneficial ownership exceeded 10%.
          • Quarterly amendments due 45 days after the end of the calendar quarter in which any material change occurred. Additional amendments may be required (due within five business days) if beneficial ownership exceeds 10% at month-end or there is an increase or decrease of beneficial ownership by more than 5%.
        • Passive Investors:
          • Initial filing due within five business days after acquiring more than 5% beneficial ownership.
          • Quarterly amendments due 45 calendar days after the end of the calendar quarter in which any material change occurred. Additional amendments may be required (due within two business days) if beneficial ownership exceeds 10% or if there is an increase or decrease of beneficial ownership by more than 5%.
        • Exempt Investors:
          • Initial filings due 45 calendar days after the calendar quarter in which beneficial ownership exceeds 5%.
          • Quarterly amendments due 45 calendar days after the end of the calendar quarter in which any material change occurred.
      • SEC Agenda and Climate Rules: According to the SEC Fall 2023 Reg-Flex Agenda, a number of rules are in the proposed or final approval stage and are expected to be approved in the first few months of 2024. Agenda items involve major proposals, including human capital management disclosure, EDGAR filer access and account management amendments (collectively referred to as “EDGAR Next”), climate change disclosure and amendments regarding shareholder proposals under Rule 14a-8, which, if approved, will likely impose substantial burdens on companies. While these proposals are unlikely to affect upcoming Form 10-Ks and proxy statements, companies are encouraged to closely monitor SEC regulatory activity and begin taking steps in anticipation of the impact that the proposed regulatory changes may have on their reporting obligations during applicable transition periods.

      As mentioned above, the long-anticipated climate disclosure rules have once again been delayed, this time until April 2024. While these rules will not be applicable for the upcoming Form 10-K or proxy statement season, companies should continue considering the impact of climate change in light of existing SEC guidance. The SEC’s focus on climate-related disclosure is not new, and the SEC released helpful climate disclosure guidance in 2010 and a sample comment letter in 2021. 

      If you have any questions regarding this Client Alert or your Form 10-K or proxy statement, please do not hesitate to contact a member of the Public Companies group or your regular Smith Anderson lawyer.

      [1] Instruction 2 to Item 106 includes the following non-exhaustive list of what constitutes relevant expertise of management: prior work experience in cybersecurity; any relevant degrees or certifications; and any knowledge, skills or other background in cybersecurity.


      Jump to Page

      This website uses cookies to enhance your browsing experience and improve functionality. To learn more, you may view our Privacy Policy. By continuing to browse Smith Anderson's website, you are accepting our use of cookies in accordance with our privacy policy.